@scottsappen
Created July 1, 2013 15:24
ASP.Net SQL Server sql injection safety
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient

' Parameterised insert: the user-supplied value travels to SQL Server as a typed
' parameter, never as part of the statement text, so it cannot change the query.
Dim connString As String = ConfigurationManager.ConnectionStrings("your_database").ConnectionString
Dim sqlString As String = "insert into [ss].[dbo].[MyGuestBook] (firstName) values (@firstName);"
Using sqlConnection As New SqlConnection(connString)
    Using sqlCommand As New SqlCommand(sqlString, sqlConnection)
        ' Give the parameter an explicit type and length matching the column (50 is assumed here;
        ' use the real column length). Parameterisation, not input "cleaning", is what stops injection.
        Dim paramFirstName As New SqlParameter("@firstName", SqlDbType.VarChar, 50)
        paramFirstName.Value = inputFromUserCleanedFirstName
        sqlCommand.Parameters.Add(paramFirstName)
        sqlConnection.Open()
        ' An INSERT returns no result set, so ExecuteNonQuery (row count) is the right call, not ExecuteScalar.
        Dim rowsAffected As Integer = sqlCommand.ExecuteNonQuery()
    End Using
End Using
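To make the point of the gist concrete, the following is an added example (not the gist author's code) that runs the same guest-book insert two ways: once with the user's value concatenated into the SQL text, and once as a parameter, which is what the gist does with @firstName. It uses Python over an in-memory SQLite database because SQL Server is not available offline; the table and column names follow the gist, and the attacker payload and the name "O'Brien" are constructed test inputs. It also shows the side effect of concatenation that has nothing to do with attackers: a legitimate apostrophe breaks the statement.

```python
import sqlite3


def make_db():
    """Fresh in-memory database with one existing guest-book row (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE MyGuestBook (id INTEGER PRIMARY KEY, firstName TEXT)")
    conn.execute("INSERT INTO MyGuestBook (firstName) VALUES ('Alice')")
    return conn


def insert_concatenated(conn, first_name):
    """The anti-pattern: user input spliced into the statement text.
    executescript() runs a multi-statement batch, as SqlCommand does on SQL Server."""
    sql = "INSERT INTO MyGuestBook (firstName) VALUES ('" + first_name + "');"
    conn.executescript(sql)


def insert_parameterised(conn, first_name):
    """What the gist does with @firstName: the value is bound as a parameter,
    so it is always data and can never alter the statement's structure."""
    conn.execute("INSERT INTO MyGuestBook (firstName) VALUES (?);", (first_name,))


def names(conn):
    return [row[0] for row in conn.execute("SELECT firstName FROM MyGuestBook ORDER BY id")]


def run_demo():
    payload = "Bob'); DELETE FROM MyGuestBook; --"   # constructed attacker input
    irish = "O'Brien"                                  # constructed legitimate input
    results = {}

    # 1. Concatenation turns the payload into a second statement that empties the table.
    db = make_db()
    insert_concatenated(db, payload)
    results["concat_after_payload"] = names(db)        # [] : Alice and Bob are both gone

    # 2. Concatenation also fails on ordinary names containing a quote.
    db = make_db()
    try:
        insert_concatenated(db, irish)
        results["concat_quote_error"] = None
    except sqlite3.OperationalError as exc:            # stray quote makes the SQL invalid
        results["concat_quote_error"] = type(exc).__name__

    # 3. Parameterised: both values are stored verbatim and nothing else executes.
    db = make_db()
    insert_parameterised(db, payload)
    insert_parameterised(db, irish)
    results["param_rows"] = names(db)                  # ['Alice', payload, "O'Brien"]

    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

The payload row stored by the parameterised path looks alarming in the table, but it is inert: it is only ever text in a column. That is the property the gist's SqlParameter gives you, and it is why "cleaning" the input beforehand is not the control that matters.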